RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
When I did the upgrade from 8.15 to 8.22 many moons ago from what I remember it was fairly painless. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:Imail_Forum- [EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Thursday, October 26, 2006 10:46 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Tripp, Thanks for jumping on this. Is there an upgrade path from 8.15 to 8.2 for those with a valid SA, or is it a reinstall? Any gotchas we should be aware of? Until a couple of other issues are resolved, we're still not comfortable with going to 2006.1. Thanks in advance. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 5:13 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Darin, When I did the upgrade from 8.15 to 8.22 many moons ago from what I remember it was fairly painless. John T eServices For You Same here. No problem that I recall. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
Is Ipswitch planning to check/fix prior 8.22 versions? Any SMTP update for 8.15 will work in 8.05?? If i understand correctly, SMTP was fully rewrited in 8.22, so is same in 8.05 and 8.15 Thxs, Pere Ginabreda -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Tripp Allen Enviado el: viernes, 27 de octubre de 2006 3:57 Para: Imail_Forum@list.ipswitch.com Asunto: [IMail Forum] Update for SMTP vulnerability in 8.22 The steps and files to update 8.22 are located here: http://support.ipswitch.com/kb/IM-20061026-JH01.htm Note this will ONLY work for 8.22. Thanks, Tripp Allen Software Development Manager, Messaging Ipswitch, Inc. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
Yes, there were differences in the SMTP service between 8.0x and 8.1x. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:Imail_Forum- [EMAIL PROTECTED] On Behalf Of Servei Tècnic [ MICROTECH ] Sent: Friday, October 27, 2006 12:37 AM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 Is Ipswitch planning to check/fix prior 8.22 versions? Any SMTP update for 8.15 will work in 8.05?? If i understand correctly, SMTP was fully rewrited in 8.22, so is same in 8.05 and 8.15 Thxs, Pere Ginabreda -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Tripp Allen Enviado el: viernes, 27 de octubre de 2006 3:57 Para: Imail_Forum@list.ipswitch.com Asunto: [IMail Forum] Update for SMTP vulnerability in 8.22 The steps and files to update 8.22 are located here: http://support.ipswitch.com/kb/IM-20061026-JH01.htm Note this will ONLY work for 8.22. Thanks, Tripp Allen Software Development Manager, Messaging Ipswitch, Inc. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
AW: [IMail Forum] Update for SMTP vulnerability in 8.22
Thanks very much. We already updated our servers and i advised all our customers to do same. --Mit freundlichen GrüssenMerlin ConsultingMartin SchaibleBahnhofstrasse 27CH-8702 ZollikonPhone: +41 44 391 30 00Fax: +41 44 391 32 49Mail: mailto:[EMAIL PROTECTED]URL: http://www.merlinconsulting.chSupport: http://support.merlinconsulting.chGPS: N47 20.235 E8 34.226News - Neue Produkte:.:. mxGuard - InvURIBL - MessageSniffer.:. NOD32 Antivirus System.:. BlueDragon.:. Kiwi Syslog Monitor.:. Paessler GmbH.:. SmarterTools Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Tripp AllenGesendet: Freitag, 27. Oktober 2006 03:57An: Imail_Forum@list.ipswitch.comBetreff: [IMail Forum] Update for SMTP vulnerability in 8.22 The steps and files to update 8.22 are located here: http://support.ipswitch.com/kb/IM-20061026-JH01.htm Note this will ONLY work for 8.22. Thanks, Tripp Allen Software Development Manager, Messaging Ipswitch, Inc.
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Since you have an SA you should have a key for 8.22. You can download 8.22 from our support pages and there is a link in the KB article I posted as well. Tripp - Original Message - From: Darin Cox [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 1:45 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Tripp, Thanks for jumping on this. Is there an upgrade path from 8.15 to 8.2 for those with a valid SA, or is it a reinstall? Any gotchas we should be aware of? Until a couple of other issues are resolved, we're still not comfortable with going to 2006.1. Thanks in advance. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 5:13 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
AW: [IMail Forum] SMTP Exploit Scanning Going on NOW
Hi, This is not really correct. If you have a subscription, you have a serial key for Imail 2006. To get a key für Imail 8.22, the customer service must be asked. Use this form: http://www.ipswitch.com/support/email_service.asp -- Mit freundlichen Grüssen Merlin Consulting Martin Schaible Bahnhofstrasse 27 CH-8702 Zollikon Phone: +41 44 391 30 00 Fax: +41 44 391 32 49 Mail:mailto:[EMAIL PROTECTED] URL: http://www.merlinconsulting.ch Support: http://support.merlinconsulting.ch GPS: N47 20.235 E8 34.226 News - Neue Produkte: .:. mxGuard - InvURIBL - MessageSniffer .:. NOD32 Antivirus System .:. BlueDragon .:. Kiwi Syslog Monitor .:. Paessler GmbH .:. SmarterTools -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Tripp Allen Gesendet: Freitag, 27. Oktober 2006 13:00 An: Imail_Forum@list.ipswitch.com Betreff: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Since you have an SA you should have a key for 8.22. You can download 8.22 from our support pages and there is a link in the KB article I posted as well. Tripp - Original Message - From: Darin Cox [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 1:45 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Tripp, Thanks for jumping on this. Is there an upgrade path from 8.15 to 8.2 for those with a valid SA, or is it a reinstall? Any gotchas we should be aware of? Until a couple of other issues are resolved, we're still not comfortable with going to 2006.1. Thanks in advance. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 5:13 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
any news about planning to check/fix prior 8.22 versions? will Kevin Gillis answer this (and here)? marc At 09:36 27.10.2006, you wrote: Is Ipswitch planning to check/fix prior 8.22 versions? Any SMTP update for 8.15 will work in 8.05?? If i understand correctly, SMTP was fully rewrited in 8.22, so is same in 8.05 and 8.15 Thxs, Pere Ginabreda -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Tripp Allen Enviado el: viernes, 27 de octubre de 2006 3:57 Para: Imail_Forum@list.ipswitch.com Asunto: [IMail Forum] Update for SMTP vulnerability in 8.22 The steps and files to update 8.22 are located here: http://support.ipswitch.com/kb/IM-20061026-JH01.htm Note this will ONLY work for 8.22. Thanks, Tripp Allen Software Development Manager, Messaging Ipswitch, Inc. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ [Scanned for viruses by Declude] [Scanned for viruses by Declude] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Web Calendaring in Outlook using IMAP
No one as answered this question yet. I'm thinking of switching to another email server. I would like to know if Calendar sharing can be done as if Outlook was attached to an exchange server. Not the current way it is done on 8.12. If 2006.1 suite can do this that would save me time and money as we have already invested several years into this server and would like to stay with it. Please inform me if there are MAPI connectors that will allow the web calendar to be seen in MS Outlook. I do not like the current way of sharing calendar as people would have to update each one. Thank you again. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Pipkin Sent: Thursday, October 26, 2006 9:42 AM To: Imail_Forum@list.ipswitch.com Subject: [IMail Forum] Web Calendaring in Outlook using IMAP Is it possible to have the Web calendar displayed in MS Outlook while connecting via IMAP. I would really like for the Outlook generated calendar events to be accepted by the used and posted to the web calendar. I'm running version 8.21. If an upgrade will help I will do that. Just need some direction here. Thank you for your help. Mark Pipkin Kauffman Tire IT Administrator [EMAIL PROTECTED] attachment: winmail.dat
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Not to put too fine a point on it and I don't want to seem as though I'm bashing Ipswitch unnecessarily, but being forced to upgrade due to a problem of this nature is irksome. One of the problems I'll need to deal with might seem rather minuscule to you... We totally customize the login screens to suit our company's charter and tastes... Ipswitch changed the login.asp and login.aspx files so radically between versions 2006.03 and 2006.1 that we'll have to spend a few hours getting these screens squared away. I have to assume there was a reason for these changes as I doubt you'd waste horsepower. Minor problem, in the scheme of things, but still painfull... Could your programmers possibly assume that customers will be modifying the login files to better meld with their custom graphics, rather than going witha totally "form follows function" attitude? The other reasons I wasn't planning on ever upgrading to 2006.1 all concern the lack of progress in regards to the many issues we have with your web mail. I believe there were a couple of minor corrections that we thought were improvements... 1)The gauge showing how much disk space was utilized and is left. 2) Showing who the email was TO and not FROM in the sent folder... I guess I know where I'll be this Saturday, eh? -Gil -Gil -Original Message-From: "Tripp Allen" Sent 10/26/2006 4:19:06 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW You'll need to upgrade to 2006.1. Tripp From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil GomesSent: Thursday, October 26, 2006 4:13 PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Ummm... How about 2006.03? Is that going to be patched, or do I need to quickly perform an upgrade to 2006.1 I've been running 2006.1 on a test box for a month or so, and I'm not really too choked up about it... I'll need to go back to my documentation to see exactly WHAT the issues are, but I was planning to skip that upgrade altogether and wait for the next one... -Gil -Original Message-From: "Tripp Allen" Sent 10/26/2006 3:02:19 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW2006.1 is not vulnerable to this exploit.We are working on a update for 8.22 which will include one DLL that needs tobe copied over the old one during a stop / start of smtpd32. I'll post alink here as soon as it's available.TrippTo Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
Thanks for the update - this was squeezing some people too tightly to make the jump from 8.22 to 2006.1 in time. - Original Message - From: Tripp Allen Sent: Thursday, October 26, 2006 9:56 PM Subject: [IMail Forum] Update for SMTP vulnerability in 8.22 The steps and files to update 8.22 are located here: To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
I talked to Kevin Gillis. The short answer is no patch for anything older than 8.22.- Original Message From: marc [EMAIL PROTECTED]To: Imail_Forum@list.ipswitch.comSent: Friday, October 27, 2006 4:51:00 AMSubject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22any news about "planning to check/fix prior 8.22 versions"?will Kevin Gillis answer this (and here)?marcAt 09:36 27.10.2006, you wrote:Is Ipswitch planning to check/fix prior 8.22 versions?Any SMTP update for 8.15 will work in 8.05??If i understand correctly, SMTP was fully rewrited in 8.22, so is same in8.05 and 8.15Thxs,Pere Ginabreda-Mensaje original-De: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] nombre de Tripp AllenEnviado el: viernes, 27 de octubre de 2006 3:57Para: Imail_Forum@list.ipswitch.comAsunto: [IMail Forum] Update for SMTP vulnerability in 8.22The steps and files to update 8.22 are located here:http://support.ipswitch.com/kb/IM-20061026-JH01.htmNote this will ONLYwork for 8.22.Thanks,Tripp AllenSoftware Development Manager, MessagingIpswitch, Inc.To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/[Scanned for viruses by Declude][Scanned for viruses by Declude]To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Many Thanks, Tripp. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 6:59 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Since you have an SA you should have a key for 8.22. You can download 8.22 from our support pages and there is a link in the KB article I posted as well. Tripp - Original Message - From: Darin Cox [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 1:45 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Tripp, Thanks for jumping on this. Is there an upgrade path from 8.15 to 8.2 for those with a valid SA, or is it a reinstall? Any gotchas we should be aware of? Until a couple of other issues are resolved, we're still not comfortable with going to 2006.1. Thanks in advance. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 5:13 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Thanks, John and Michael. I didn't figure there would be much of anything, but figured I'd ask to be safe. Darin. - Original Message - From: Michael Thomas - Mathbox [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 2:39 AM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Darin, When I did the upgrade from 8.15 to 8.22 many moons ago from what I remember it was fairly painless. John T eServices For You Same here. No problem that I recall. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Hi Kevin, Thanks. I'll do that. I'll go through my archives and compare against your list when I get back in the office next week. Darin. - Original Message - From: Kevin Gillis [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 1:51 AM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Darin, Can you share what the main issues are that you'd like to see resolved before upgrading to 2006.1? Chances are that others may share similar sentiments and we'd like to prioritize and address them. Bye for now, kg -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Friday, October 27, 2006 01:46 To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Tripp, Thanks for jumping on this. Is there an upgrade path from 8.15 to 8.2 for those with a valid SA, or is it a reinstall? Any gotchas we should be aware of? Until a couple of other issues are resolved, we're still not comfortable with going to 2006.1. Thanks in advance. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 5:13 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Hi, all- What symptoms would indicate that you've been compromised? - Dave Doherty Skywaves, Inc. 97 Webster Street Worcester, MA 10603 (+1) - 508-425-7176 Please note our new mailing address! To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Yes, thanks. Will this work on 8.15? Cheers Mark We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
- Original Message - From: Mark [Support] [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 9:07 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Yes, thanks. Will this work on 8.15? No, as has been said here, and it bears repeating, 8.22 involved a major rewrite and differs enough that the patch for 8.22 will not work on 8.15 or below. You need to take immediate action to protect your server(s) by either removing Imail from direct contact to the internet by way of an SMTP gateway or proxy, or you need to upgrade to 8.22 at the very least. The upgrade to 8.22 from 8.15 has been reported to be straightforward from many Imail customers including myself. Hope this helps, Doug Traylor To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
on the upgrade. IIRC we did not move as the central directory (LDAP) was changed and no longer worked as it did previously. We are a K-12 school district and rely on the LDAP to lookup addresses by name, department, organization. This changed after 8.05 (I think) just saying if you rely on the LDAP for address lookup, I'd check with Ipswitch before doing it. we are behind IMGate and I'm thinking we're ok. just posting in case others use LDAP as well. bob On Friday, October 27, 2006 8:12 AM, Doug Traylor [EMAIL PROTECTED] wrote: - Original Message - From: Mark [Support] [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 9:07 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Yes, thanks. Will this work on 8.15? No, as has been said here, and it bears repeating, 8.22 involved a major rewrite and differs enough that the patch for 8.22 will not work on 8.15 or below. You need to take immediate action to protect your server(s) by either removing Imail from direct contact to the internet by way of an SMTP gateway or proxy, or you need to upgrade to 8.22 at the very least. The upgrade to 8.22 from 8.15 has been reported to be straightforward from many Imail customers including myself. Hope this helps, Doug Traylor To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
No, 8.22 only. Tom - Original Message - From: Mark [Support] [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 9:07 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW | Yes, thanks. Will this work on 8.15? | | Cheers | Mark | | We are working on a update for 8.22 which will include one DLL that | needs to | be copied over the old one during a stop / start of smtpd32. I'll post a | link here as soon as it's available. | To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html | List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ | Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ | To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
LS, Blessing to all of you. I was following the forum and have to upgrade now. Must I upgrade the different steps and fixes in sequence or can I just use the 8.22 on my running imail 8.15 In any case I'll backup first but doing it right the first time saves!!! Kenneth -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael Thomas - Mathbox Sent: Friday, October 27, 2006 2:40 AM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Darin, When I did the upgrade from 8.15 to 8.22 many moons ago from what I remember it was fairly painless. John T eServices For You Same here. No problem that I recall. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
Thx for this update, and wow, how a software can be useless after only 1,5 years!? This negligently attitude is not more acceptable. I will not pay 1000 USD and have next year after SA expired again a security problem. Is this a new manner to force to upgrade? marc At 15:24 27.10.2006, you wrote: I talked to Kevin Gillis. The short answer is no patch for anything older than 8.22. - Original Message From: marc [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 4:51:00 AM Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 any news about planning to check/fix prior 8.22 versions? will Kevin Gillis answer this (and here)? marc At 09:36 27.10.2006, you wrote: Is Ipswitch planning to check/fix prior 8.22 versions? Any SMTP update for 8.15 will work in 8.05?? If i understand correctly, SMTP was fully rewrited in 8.22, so is same in 8.05 and 8.15 Thxs, Pere Ginabreda -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Tripp Allen Enviado el: viernes, 27 de octubre de 2006 3:57 Para: Imail_Forum@list.ipswitch.com Asunto: [IMail Forum] Update for SMTP vulnerability in 8.22 The steps and files to update 8.22 are located here: http://support.ipswitch.com/kb/IM-20061026-JH01.htmhttp://support.ipswitch.com/kb/IM-20061026-JH01.htm Note this will ONLY work for 8.22. Thanks, Tripp Allen Software Development Manager, Messaging Ipswitch, Inc. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlhttp://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/http://www.ipswitch.com/support/IMail/ [Scanned for viruses by Declude] [Scanned for viruses by Declude] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlhttp://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/http://www.ipswitch.com/support/IMail/ [Scanned for viruses by Declude] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
So, if you have no SA and are on 8.15, you either pay, or get hacked? Dave===Beach ComputersAffordable Hosting Solutionshttp://www.beachcomp.com===Cheap Domain WarehouseGet Your Own Dot!http://www.cheapdomainwarehouse.comDisclaimer and confidentiality note:The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential.If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on thecontents of this information is strictly prohibited and may be unlawful.The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please deleteit from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address recordscan be corrected.Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies.Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie PardueSent: Friday, October 27, 2006 9:24 AMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 I talked to Kevin Gillis. The short answer is no patch for anything older than 8.22. - Original Message From: marc [EMAIL PROTECTED]To: Imail_Forum@list.ipswitch.comSent: Friday, October 27, 2006 4:51:00 AMSubject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 any news about "planning to check/fix prior 8.22 versions"?will Kevin Gillis answer this (and here)?marcAt 09:36 27.10.2006, you wrote:Is Ipswitch planning to check/fix prior 8.22 versions?Any SMTP update for 8.15 will work in 8.05??If i understand correctly, SMTP was fully rewrited in 8.22, so is same in8.05 and 8.15Thxs,Pere Ginabreda-Mensaje original-De: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] nombre de Tripp AllenEnviado el: viernes, 27 de octubre de 2006 3:57Para: Imail_Forum@list.ipswitch.comAsunto: [IMail Forum] Update for SMTP vulnerability in 8.22The steps and files to update 8.22 are located here:http://support.ipswitch.com/kb/IM-20061026-JH01.htmNote this will ONLYwork for 8.22.Thanks,Tripp AllenSoftware Development Manager, MessagingIpswitch, Inc.To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/[Scanned for viruses by Declude][Scanned for viruses by Declude]To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
Or run everything through a gateway. That what I'm going to do. -d - Original Message - From: Beach Computers To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 10:44 AM Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 So, if you have no SA and are on 8.15, you either pay, or get hacked? Dave===Beach ComputersAffordable Hosting Solutionshttp://www.beachcomp.com===Cheap Domain WarehouseGet Your Own Dot!http://www.cheapdomainwarehouse.comDisclaimer and confidentiality note:The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential.If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on thecontents of this information is strictly prohibited and may be unlawful.The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please deleteit from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address recordscan be corrected.Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies.Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie PardueSent: Friday, October 27, 2006 9:24 AMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 I talked to Kevin Gillis. The short answer is no patch for anything older than 8.22. - Original Message From: marc [EMAIL PROTECTED]To: Imail_Forum@list.ipswitch.comSent: Friday, October 27, 2006 4:51:00 AMSubject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 any news about "planning to check/fix prior 8.22 versions"?will Kevin Gillis answer this (and here)?marcAt 09:36 27.10.2006, you wrote:Is Ipswitch planning to check/fix prior 8.22 versions?Any SMTP update for 8.15 will work in 8.05??If i understand correctly, SMTP was fully rewrited in 8.22, so is same in8.05 and 8.15Thxs,Pere Ginabreda-Mensaje original-De: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] nombre de Tripp AllenEnviado el: viernes, 27 de octubre de 2006 3:57Para: Imail_Forum@list.ipswitch.comAsunto: [IMail Forum] Update for SMTP vulnerability in 8.22The steps and files to update 8.22 are located here:http://support.ipswitch.com/kb/IM-20061026-JH01.htmNote this will ONLYwork for 8.22.Thanks,Tripp AllenSoftware Development Manager, MessagingIpswitch, Inc.To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/[Scanned for viruses by Declude][Scanned for viruses by Declude]To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
or replace imail and go to smartermail... marc At 16:44 27.10.2006, you wrote: So, if you have no SA and are on 8.15, you either pay, or get hacked? Dave === Beach Computers Affordable Hosting Solutions http://www.beachcomp.com === Cheap Domain Warehouse Get Your Own Dot! http://www.cheapdomainwarehouse.com Disclaimer and confidentiality note: The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address records can be corrected. Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies. Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Pardue Sent: Friday, October 27, 2006 9:24 AM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 I talked to Kevin Gillis. The short answer is no patch for anything older than 8.22. - Original Message From: marc [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 4:51:00 AM Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 any news about planning to check/fix prior 8.22 versions? will Kevin Gillis answer this (and here)? marc At 09:36 27.10.2006, you wrote: Is Ipswitch planning to check/fix prior 8.22 versions? Any SMTP update for 8.15 will work in 8.05?? If i understand correctly, SMTP was fully rewrited in 8.22, so is same in 8.05 and 8.15 Thxs, Pere Ginabreda -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Tripp Allen Enviado el: viernes, 27 de octubre de 2006 3:57 Para: Imail_Forum@list.ipswitch.com Asunto: [IMail Forum] Update for SMTP vulnerability in 8.22 The steps and files to update 8.22 are located here: http://support.ipswitch.com/kb/IM-20061026-JH01.htmhttp://support.ipswitch.com/kb/IM-20061026-JH01.htm Note this will ONLY work for 8.22. Thanks, Tripp Allen Software Development Manager, Messaging Ipswitch, Inc. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlhttp://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/http://www.ipswitch.com/support/IMail/ [Scanned for viruses by Declude] [Scanned for viruses by Declude] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlhttp://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/http://www.ipswitch.com/support/IMail/ [Scanned for viruses by Declude] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
I don't think it is negligent. This is a relatively new exploit found very recently and Imail have released a fix quite quickly. I take the view that if you use outdated software without an SA then you are leaving yourself vulnerable and you have to be at least partially responsible for what follows - it is your implementation. Pressure Ipswitch to bring out a fix for previous veriosn by all means, I think they should but don't expect them to do so. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of marc Sent: 27 October 2006 15:28 To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 Thx for this update, and wow, how a software can be useless after only 1,5 years!? This negligently attitude is not more acceptable. I will not pay 1000 USD and have next year after SA expired again a security problem. Is this a new manner to force to upgrade? marc At 15:24 27.10.2006, you wrote: I talked to Kevin Gillis. The short answer is no patch for anything older than 8.22. - Original Message From: marc [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 4:51:00 AM Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 any news about planning to check/fix prior 8.22 versions? will Kevin Gillis answer this (and here)? marc At 09:36 27.10.2006, you wrote: Is Ipswitch planning to check/fix prior 8.22 versions? Any SMTP update for 8.15 will work in 8.05?? If i understand correctly, SMTP was fully rewrited in 8.22, so is same in 8.05 and 8.15 Thxs, Pere Ginabreda -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Tripp Allen Enviado el: viernes, 27 de octubre de 2006 3:57 Para: Imail_Forum@list.ipswitch.com Asunto: [IMail Forum] Update for SMTP vulnerability in 8.22 The steps and files to update 8.22 are located here: http://support.ipswitch.com/kb/IM-20061026-JH01.htmhttp://support.ip switch.com/kb/IM-20061026-JH01.htm Note this will ONLY work for 8.22. Thanks, Tripp Allen Software Development Manager, Messaging Ipswitch, Inc. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlhttp://www.ipswitc h.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/http://w ww.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/http://www.ipswitch.com/suppor t/IMail/ [Scanned for viruses by Declude] [Scanned for viruses by Declude] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlhttp://www.ipswitch .com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/http://ww w.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/http://www.ipswitch.com/support /IMail/ [Scanned for viruses by Declude] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
[IMail Forum] IMail SMTP - quick question
I understand that Ipswitch has told people there will not be a patch for 8.15. So two questions: 1) What is the upgrade path to 8.22 for us 8.15 users? Is there one? 2) The vulnerability exploits a feature we do not use: the ability to relay via SMTP to another server by constructing an address that includes the relay server. Is there a registry entry or some other way to turn off that feature? For example, in SMTP Security, selecting relay for local users only, relay for local hosts only, or no relay? - Dave Doherty Skywaves, Inc. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
just get hacked... -Mensaje original-De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]En nombre de Beach ComputersEnviado el: viernes, 27 de octubre de 2006 16:45Para: Imail_Forum@list.ipswitch.comAsunto: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 So, if you have no SA and are on 8.15, you either pay, or get hacked? Dave===Beach ComputersAffordable Hosting Solutionshttp://www.beachcomp.com===Cheap Domain WarehouseGet Your Own Dot!http://www.cheapdomainwarehouse.comDisclaimer and confidentiality note:The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential.If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on thecontents of this information is strictly prohibited and may be unlawful.The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please deleteit from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address recordscan be corrected.Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies.Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie PardueSent: Friday, October 27, 2006 9:24 AMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 I talked to Kevin Gillis. The short answer is no patch for anything older than 8.22. - Original Message From: marc [EMAIL PROTECTED]To: Imail_Forum@list.ipswitch.comSent: Friday, October 27, 2006 4:51:00 AMSubject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 any news about "planning to check/fix prior 8.22 versions"?will Kevin Gillis answer this (and here)?marcAt 09:36 27.10.2006, you wrote:Is Ipswitch planning to check/fix prior 8.22 versions?Any SMTP update for 8.15 will work in 8.05??If i understand correctly, SMTP was fully rewrited in 8.22, so is same in8.05 and 8.15Thxs,Pere Ginabreda-Mensaje original-De: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] nombre de Tripp AllenEnviado el: viernes, 27 de octubre de 2006 3:57Para: Imail_Forum@list.ipswitch.comAsunto: [IMail Forum] Update for SMTP vulnerability in 8.22The steps and files to update 8.22 are located here:http://support.ipswitch.com/kb/IM-20061026-JH01.htmNote this will ONLYwork for 8.22.Thanks,Tripp AllenSoftware Development Manager, MessagingIpswitch, Inc.To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/[Scanned for viruses by Declude][Scanned for viruses by Declude]To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
[IMail Forum] Program Alias to control delivery of messages
I'm trying to figure out the program alias. We have a server (non Imail) that delivers email to parents. The emails all come from the same address and pass through Imail. There are some emails that we do not want to deliver so I'm thinking I can setup a program alias that all mail from this account will be processed by the alias. Here's the question: Has anyone setup a program alias that will delete the mail if a string is found in the message but deliver it if it's not found? any ideas on this would be appreciated. thanks, bob To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
How can you tell? Brian T. - Original Message - From: Servei Tecnic [ MICROTECH ] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 11:01 AM Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 just get hacked... -Mensaje original-De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]En nombre de Beach ComputersEnviado el: viernes, 27 de octubre de 2006 16:45Para: Imail_Forum@list.ipswitch.comAsunto: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 So, if you have no SA and are on 8.15, you either pay, or get hacked? Dave===Beach ComputersAffordable Hosting Solutionshttp://www.beachcomp.com===Cheap Domain WarehouseGet Your Own Dot!http://www.cheapdomainwarehouse.comDisclaimer and confidentiality note:The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential.If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on thecontents of this information is strictly prohibited and may be unlawful.The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please deleteit from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address recordscan be corrected.Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies.Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie PardueSent: Friday, October 27, 2006 9:24 AMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 I talked to Kevin Gillis. The short answer is no patch for anything older than 8.22. - Original Message From: marc [EMAIL PROTECTED]To: Imail_Forum@list.ipswitch.comSent: Friday, October 27, 2006 4:51:00 AMSubject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 any news about "planning to check/fix prior 8.22 versions"?will Kevin Gillis answer this (and here)?marcAt 09:36 27.10.2006, you wrote:Is Ipswitch planning to check/fix prior 8.22 versions?Any SMTP update for 8.15 will work in 8.05??If i understand correctly, SMTP was fully rewrited in 8.22, so is same in8.05 and 8.15Thxs,Pere Ginabreda-Mensaje original-De: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] nombre de Tripp AllenEnviado el: viernes, 27 de octubre de 2006 3:57Para: Imail_Forum@list.ipswitch.comAsunto: [IMail Forum] Update for SMTP vulnerability in 8.22The steps and files to update 8.22 are located here:http://support.ipswitch.com/kb/IM-20061026-JH01.htmNote this will ONLYwork for 8.22.Thanks,Tripp AllenSoftware Development Manager, MessagingIpswitch, Inc.To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/[Scanned for viruses by Declude][Scanned for viruses by Declude]To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
Right. Because that is a quicker fix than upgrading to 8.22 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of marc Sent: Friday, October 27, 2006 9:55 AM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 or replace imail and go to smartermail... marc At 16:44 27.10.2006, you wrote: So, if you have no SA and are on 8.15, you either pay, or get hacked? Dave === Beach Computers Affordable Hosting Solutions http://www.beachcomp.com === Cheap Domain Warehouse Get Your Own Dot! http://www.cheapdomainwarehouse.com Disclaimer and confidentiality note: The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address records can be corrected. Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies. Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Pardue Sent: Friday, October 27, 2006 9:24 AM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 I talked to Kevin Gillis. The short answer is no patch for anything older than 8.22. - Original Message From: marc [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 4:51:00 AM Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 any news about planning to check/fix prior 8.22 versions? will Kevin Gillis answer this (and here)? marc At 09:36 27.10.2006, you wrote: Is Ipswitch planning to check/fix prior 8.22 versions? Any SMTP update for 8.15 will work in 8.05?? If i understand correctly, SMTP was fully rewrited in 8.22, so is same in 8.05 and 8.15 Thxs, Pere Ginabreda -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Tripp Allen Enviado el: viernes, 27 de octubre de 2006 3:57 Para: Imail_Forum@list.ipswitch.com Asunto: [IMail Forum] Update for SMTP vulnerability in 8.22 The steps and files to update 8.22 are located here: http://support.ipswitch.com/kb/IM-20061026-JH01.htmhttp://support.ip switch.com/kb/IM-20061026-JH01.htm Note this will ONLY work for 8.22. Thanks, Tripp Allen Software Development Manager, Messaging Ipswitch, Inc. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlhttp://www.ipswitc h.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/http://w ww.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/http://www.ipswitch.com/suppor t/IMail/ [Scanned for viruses by Declude] [Scanned for viruses by Declude] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlhttp://www.ipswitch .com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/http://ww w.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/http://www.ipswitch.com/support /IMail/ [Scanned for viruses by Declude] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
Right, but also partially responsible by IPSwitch. Its the first time in 10 years that a software seems to be useless after 3 years only, when IMail 8.x was coming out... again, this not acceptable. marc At 17:00 27.10.2006, you wrote: I don't think it is negligent. This is a relatively new exploit found very recently and Imail have released a fix quite quickly. I take the view that if you use outdated software without an SA then you are leaving yourself vulnerable and you have to be at least partially responsible for what follows - it is your implementation. Pressure Ipswitch to bring out a fix for previous veriosn by all means, I think they should but don't expect them to do so. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of marc Sent: 27 October 2006 15:28 To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 Thx for this update, and wow, how a software can be useless after only 1,5 years!? This negligently attitude is not more acceptable. I will not pay 1000 USD and have next year after SA expired again a security problem. Is this a new manner to force to upgrade? marc At 15:24 27.10.2006, you wrote: I talked to Kevin Gillis. The short answer is no patch for anything older than 8.22. - Original Message From: marc [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 4:51:00 AM Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 any news about planning to check/fix prior 8.22 versions? will Kevin Gillis answer this (and here)? marc At 09:36 27.10.2006, you wrote: Is Ipswitch planning to check/fix prior 8.22 versions? Any SMTP update for 8.15 will work in 8.05?? If i understand correctly, SMTP was fully rewrited in 8.22, so is same in 8.05 and 8.15 Thxs, Pere Ginabreda -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Tripp Allen Enviado el: viernes, 27 de octubre de 2006 3:57 Para: Imail_Forum@list.ipswitch.com Asunto: [IMail Forum] Update for SMTP vulnerability in 8.22 The steps and files to update 8.22 are located here: http://support.ipswitch.com/kb/IM-20061026-JH01.htmhttp://support.ip switch.com/kb/IM-20061026-JH01.htm Note this will ONLY work for 8.22. Thanks, Tripp Allen Software Development Manager, Messaging Ipswitch, Inc. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlhttp://www.ipswitc h.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/http://w ww.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/http://www.ipswitch.com/suppor t/IMail/ [Scanned for viruses by Declude] [Scanned for viruses by Declude] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlhttp://www.ipswitch .com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/http://ww w.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/http://www.ipswitch.com/support /IMail/ [Scanned for viruses by Declude] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ [Scanned for viruses by Declude] [Scanned for viruses by Declude] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
I was asking for 8.05 fix, Ipswitch told us that no fix will be for prior 8.22 versions. It's IpSwitch's political and it's good for me. I understand this point, we do not support/fix 2 old versions (+5 years) of our software. Now i've 8.05, no SA and won't to pay new version, just get hacked (or vulnerable). I'll try to mantain save my server with ASSP. Pere Ginabreda. -Mensaje original-De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]En nombre de Brian T.Enviado el: viernes, 27 de octubre de 2006 17:23Para: Imail_Forum@list.ipswitch.comAsunto: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 How can you tell? Brian T. - Original Message - From: Servei Tecnic [ MICROTECH ] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 11:01 AM Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 just get hacked... -Mensaje original-De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]En nombre de Beach ComputersEnviado el: viernes, 27 de octubre de 2006 16:45Para: Imail_Forum@list.ipswitch.comAsunto: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 So, if you have no SA and are on 8.15, you either pay, or get hacked? Dave===Beach ComputersAffordable Hosting Solutionshttp://www.beachcomp.com===Cheap Domain WarehouseGet Your Own Dot!http://www.cheapdomainwarehouse.comDisclaimer and confidentiality note:The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential.If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on thecontents of this information is strictly prohibited and may be unlawful.The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please deleteit from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address recordscan be corrected.Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies.Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie PardueSent: Friday, October 27, 2006 9:24 AMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 I talked to Kevin Gillis. The short answer is no patch for anything older than 8.22. - Original Message From: marc [EMAIL PROTECTED]To: Imail_Forum@list.ipswitch.comSent: Friday, October 27, 2006 4:51:00 AMSubject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 any news about "planning to check/fix prior 8.22 versions"?will Kevin Gillis answer this (and here)?marcAt 09:36 27.10.2006, you wrote:Is Ipswitch planning to check/fix prior 8.22 versions?Any SMTP update for 8.15 will work in 8.05??If i understand correctly, SMTP was fully rewrited in 8.22, so is same in8.05 and 8.15Thxs,Pere Ginabreda-Mensaje original-De: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] nombre de Tripp AllenEnviado el: viernes, 27 de octubre de 2006 3:57Para: Imail_Forum@list.ipswitch.comAsunto: [IMail Forum] Update for SMTP vulnerability in 8.22The steps and files to update 8.22 are located here:http://support.ipswitch.com/kb/IM-20061026-JH01.htmNote this will ONLYwork for 8.22.Thanks,Tripp AllenSoftware Development Manager, MessagingIpswitch, Inc.To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/[Scanned for viruses by Declude][Scanned for viruses by Declude]To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Tripp, I think there are several of us who are still on 8.1x who are going to be upgrading this weekend. I will ask questions that more than just I am probably nervous about. For 8.12, all I needed was a serial No. Is this the same as the Key? Is the Serial No. / Key the same for 8.12 and 8.22? Is there any other gotcha we need to be aware of as we will be in the no support hours? Bill Green dfn Systems - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 4:59 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Since you have an SA you should have a key for 8.22. You can download 8.22 from our support pages and there is a link in the KB article I posted as well. Tripp - Original Message - From: Darin Cox [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 1:45 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Tripp, Thanks for jumping on this. Is there an upgrade path from 8.15 to 8.2 for those with a valid SA, or is it a reinstall? Any gotchas we should be aware of? Until a couple of other issues are resolved, we're still not comfortable with going to 2006.1. Thanks in advance. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 5:13 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses by Declude EVA] --- [This E-mail scanned for viruses by Declude EVA] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
I just used the link, filled out the form, and got a reply that I would have an answer within 2 business days. If you are trying to get this done tonight or over the weekend, this is not a viable option. Bill Green dfn Systems - Original Message - From: Martin Schaible [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 5:06 AM Subject: AW: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi, This is not really correct. If you have a subscription, you have a serial key for Imail 2006. To get a key für Imail 8.22, the customer service must be asked. Use this form: http://www.ipswitch.com/support/email_service.asp -- Mit freundlichen Grüssen Merlin Consulting Martin Schaible Bahnhofstrasse 27 CH-8702 Zollikon Phone: +41 44 391 30 00 Fax: +41 44 391 32 49 Mail:mailto:[EMAIL PROTECTED] URL: http://www.merlinconsulting.ch Support: http://support.merlinconsulting.ch GPS: N47 20.235 E8 34.226 News - Neue Produkte: .:. mxGuard - InvURIBL - MessageSniffer .:. NOD32 Antivirus System .:. BlueDragon .:. Kiwi Syslog Monitor .:. Paessler GmbH .:. SmarterTools -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Tripp Allen Gesendet: Freitag, 27. Oktober 2006 13:00 An: Imail_Forum@list.ipswitch.com Betreff: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Since you have an SA you should have a key for 8.22. You can download 8.22 from our support pages and there is a link in the KB article I posted as well. Tripp - Original Message - From: Darin Cox [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 1:45 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Tripp, Thanks for jumping on this. Is there an upgrade path from 8.15 to 8.2 for those with a valid SA, or is it a reinstall? Any gotchas we should be aware of? Until a couple of other issues are resolved, we're still not comfortable with going to 2006.1. Thanks in advance. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 5:13 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses by Declude EVA] --- [This E-mail scanned for viruses by Declude EVA] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
8.2 requires you to have an activation key which is a different key than your serial number. You can send an email to customer service to get an activation key for 8.2 here: http://www.ipswitch.com/support/email_service.asp Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Green dfn Systems Sent: Friday, October 27, 2006 12:08 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Tripp, I think there are several of us who are still on 8.1x who are going to be upgrading this weekend. I will ask questions that more than just I am probably nervous about. For 8.12, all I needed was a serial No. Is this the same as the Key? Is the Serial No. / Key the same for 8.12 and 8.22? Is there any other gotcha we need to be aware of as we will be in the no support hours? Bill Green dfn Systems - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 4:59 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Since you have an SA you should have a key for 8.22. You can download 8.22 from our support pages and there is a link in the KB article I posted as well. Tripp - Original Message - From: Darin Cox [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 1:45 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Tripp, Thanks for jumping on this. Is there an upgrade path from 8.15 to 8.2 for those with a valid SA, or is it a reinstall? Any gotchas we should be aware of? Until a couple of other issues are resolved, we're still not comfortable with going to 2006.1. Thanks in advance. Darin. - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 5:13 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses by Declude EVA] --- [This E-mail scanned for viruses by Declude EVA] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Tripp, Is there anyone in Ipswitch that can CONFIRM this: If any of your customers are running 8.15 they have 2 options. PAY and upgrade. Stay vulnerable if not running any gateways. Your input is appreciated. Dave --- |Beach Computers| |Affordable Hosting Solutions | |http://www.beachcomp.com | === |Cheap Domain Warehouse | |Get Your Own Dot! | |http://www.cheapdomainwarehouse.com| -- Disclaimer and confidentiality note: The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address records can be corrected. Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies. Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
So am I to understand that ASSP somehow prevents the vulnerabtility from being a problem? Mike N FXOL To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
You can install 8.22 (and patch it) and select "Activate Later" when you launch "the smiley man". Nothing (according to techsupport) is restricted...except that you have to have activated it within 30 days or it will shut down.-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Green dfn Systems Sent: Friday, October 27, 2006 9:13 AM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW I just used the link, filled out the form, and got a reply that I would have an answer within 2 business days. If you are trying to get this done tonight or over the weekend, this is not a viable option. Bill Green dfn Systems - Original Message - From: "Martin Schaible" [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 5:06 AM Subject: AW: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi, This is not really correct. If you have a subscription, you have a serial key for Imail 2006. To get a key für Imail 8.22, the customer service must be asked. Use this form: http://www.ipswitch.com/support/email_service.asp -- Mit freundlichen Grüssen Merlin Consulting Martin Schaible Bahnhofstrasse 27 CH-8702 Zollikon Phone: +41 44 391 30 00 Fax: +41 44 391 32 49 Mail: mailto:[EMAIL PROTECTED] URL: http://www.merlinconsulting.ch Support: http://support.merlinconsulting.ch GPS: N47 20.235 E8 34.226 News - Neue Produkte: .:. mxGuard - InvURIBL - MessageSniffer .:. NOD32 Antivirus System .:. BlueDragon .:. Kiwi Syslog Monitor .:. Paessler GmbH .:. SmarterTools -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Tripp Allen Gesendet: Freitag, 27. Oktober 2006 13:00 An: Imail_Forum@list.ipswitch.com Betreff: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Since you have an SA you should have a key for 8.22. You can download 8.22 from our support pages and there is a link in the KB article I posted as well. Tripp - Original Message - From: "Darin Cox" [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 1:45 AM Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW Hi Tripp, Thanks for jumping on this. Is there an upgrade path from 8.15 to 8.2 for those with a valid SA, or is it a reinstall? Any gotchas we should be aware of? Until a couple of other issues are resolved, we're still not comfortable with going to 2006.1. Thanks in advance. Darin. - Original Message - From: "Tripp Allen" [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 5:13 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.15. SMTPD was rewritten in 8.2 and I can not confirm (or deny) that 8.1X is vulnerable right now. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, October 26, 2006 4:35 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] SMTP Exploit Scanning Going on NOW What about 8.15, Tripp? - Original Message - From: "Tripp Allen" [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Thursday, October 26, 2006 2:02 PM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW 2006.1 is not vulnerable to this exploit. We are working on a update for 8.22 which will include one DLL that needs to be copied over the old one during a stop / start of smtpd32. I'll post a link here as soon as it's available. Tripp To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe:
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
ASSP, IMGATE, , Barracuda and Alligate all sit in front of the mail server and act as a gateway. If you keep your mail server otherwise firewalled and have one of these products out in front then the vulnerability is mitigated (from external sources). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Friday, October 27, 2006 12:28 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 So am I to understand that ASSP somehow prevents the vulnerabtility from being a problem? Mike N FXOL To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
Bill, It is viable. Imail will run for 30 days without the key. That should give anyone time enough to get their key. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) I just used the link, filled out the form, and got a reply that I would have an answer within 2 business days. If you are trying to get this done tonight or over the weekend, this is not a viable option. Bill Green dfn Systems To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
How can one verify that this patch is actually installed? I downloaded IMail822.exe from the link Tripp posted and installed it. I was never prompted for any activation info during the install. I don't see any recent dates on the SMTP related files either SMTPd32.exe - 11/30/2005 3:18PM SmtpDLL.dll - 11/30/2005 3:14PM SMTPProtocol.dll - 11/30/2005 3:15PM Imail Administrator reports Version 8.22 - 2005.10.19.3 Chris McFarling To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
Thank you, Robbie, and Michael. That's what was making me uneasy. I had a vague memory of some concerns over activation when 8.2 was new. I've downloaded 8.22 from the link in the KB article Tripp posted. It is named imail8.22.exe and is 23,639KB. The KB labels it an update, but I believe by the size it is a full install. Can anyone confrm this for a nervous (paranoid) IMail admin? Bill Green dfn Systems You can install 8.22 (and patch it) and select "Activate Later" when you launch "the smiley man". Nothing (according to techsupport) is restricted...except that you have to have activated it within 30 days or it will shut down.
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
There is a separate smtpprotocol.dll file that is in zip form further down the page. It has a date of 10/26/2006, 172 KB in size. Stop imail services, rename old smtpprotocol.dll to smtpprotocol.sav, then copy the new one into the Imail directory, restart services. I think that is it... Neil Olson Information Technology Grand View College 1200 Grandview Ave Des Moines IA 50316 [EMAIL PROTECTED] 515-263-2800 From: [EMAIL PROTECTED] on behalf of Chris McFarling Sent: Fri 10/27/2006 11:57 AM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 How can one verify that this patch is actually installed? I downloaded IMail822.exe from the link Tripp posted and installed it. I was never prompted for any activation info during the install. I don't see any recent dates on the SMTP related files either SMTPd32.exe - 11/30/2005 3:18PM SmtpDLL.dll - 11/30/2005 3:14PM SMTPProtocol.dll - 11/30/2005 3:15PM Imail Administrator reports Version 8.22 - 2005.10.19.3 Chris McFarling To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ winmail.dat
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
Hello! I am no email expert, and I didn't feel comfortable setting up a full blown gateway (ASSP, IMGATE, etc...) while waiting for the 8.22 patch, so my kludge was to just block all external access to my iMail server except from my backup MXs. I setup an ETRN dequeue to run every so often and despool mail from the backups. This worked for me because my backup MXs are external and are not running iMail. I suppose you could also make it work even if you backups are internal as long as they aren't running iMail. As far as I know, no one lost any email, although it may have been delayed a little bit. But hey, better late than never... Also, this is probably not a very neighborly thing to do for an extended period of time, but it could be a quick way to buy some short term protection until a patch/upgrade decision can be made and implemented. John At 11:31 AM 10/27/2006, you wrote: ASSP, IMGATE, , Barracuda and Alligate all sit in front of the mail server and act as a gateway. If you keep your mail server otherwise firewalled and have one of these products out in front then the vulnerability is mitigated (from external sources). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Friday, October 27, 2006 12:28 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 So am I to understand that ASSP somehow prevents the vulnerabtility from being a problem? Mike N FXOL To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
You did the same thing I did but then I realized further down on the page there is a link to just the SMTP dll that is updated for the fix. Keith Zwick Cribellum, LLC 248-596-1901 ex301 - Original Message - From: Chris McFarling [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 12:57 PM Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 How can one verify that this patch is actually installed? I downloaded IMail822.exe from the link Tripp posted and installed it. I was never prompted for any activation info during the install. I don't see any recent dates on the SMTP related files either SMTPd32.exe - 11/30/2005 3:18PM SmtpDLL.dll - 11/30/2005 3:14PM SMTPProtocol.dll - 11/30/2005 3:15PM Imail Administrator reports Version 8.22 - 2005.10.19.3 Chris McFarling To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
After you install 8.22, you will need to download the patch file from the KB article and update the smtpprotocol.dll. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris McFarling Sent: Friday, October 27, 2006 12:57 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 How can one verify that this patch is actually installed? I downloaded IMail822.exe from the link Tripp posted and installed it. I was never prompted for any activation info during the install. I don't see any recent dates on the SMTP related files either SMTPd32.exe - 11/30/2005 3:18PM SmtpDLL.dll - 11/30/2005 3:14PM SMTPProtocol.dll - 11/30/2005 3:15PM Imail Administrator reports Version 8.22 - 2005.10.19.3 Chris McFarling To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
Yes, confirmed. Stop your services, run the imail8.22, launch the "smiley man", activate or trial, stop the smtp, replace the smtpprotocol.dll for the patch and start the smtp. Did it on two machines this morning...in the same nervous condition. - Original Message From: Bill Green dfn Systems [EMAIL PROTECTED]To: Imail_Forum@list.ipswitch.comSent: Friday, October 27, 2006 10:05:20 AMSubject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 Thank you, Robbie, and Michael. That's what was making me uneasy. I had a vague memory of some concerns over activation when 8.2 was new. I've downloaded 8.22 from the link in the KB article Tripp posted. It is named imail8.22.exe and is 23,639KB. The KB labels it an update, but I believe by the size it is a full install. Can anyone confrm this for a nervous (paranoid) IMail admin? Bill Green dfn Systems You can install 8.22 (and patch it) and select "Activate Later" when you launch "the smiley man". Nothing (according to techsupport) is restricted...except that you have to have activated it within 30 days or it will shut down.
RE: [IMail Forum] SMTP Exploit Scanning Going on NOW
We are not currently planning a patch for 8.1X so you will need to upgrade. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Beach Computers Sent: Friday, October 27, 2006 12:25 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Tripp, Is there anyone in Ipswitch that can CONFIRM this: If any of your customers are running 8.15 they have 2 options. PAY and upgrade. Stay vulnerable if not running any gateways. Your input is appreciated. Dave --- |Beach Computers| |Affordable Hosting Solutions | |http://www.beachcomp.com | === |Cheap Domain Warehouse | |Get Your Own Dot! | |http://www.cheapdomainwarehouse.com| -- Disclaimer and confidentiality note: The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address records can be corrected. Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies. Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
Running IMail822.exe only gets you upgraded to the version that *can* be patched. You still need to download SMTPProtocol.zip and replace the .dll. Mike Chris McFarling wrote: How can one verify that this patch is actually installed? I downloaded IMail822.exe from the link Tripp posted and installed it. I was never prompted for any activation info during the install. I don't see any recent dates on the SMTP related files either SMTPd32.exe - 11/30/2005 3:18PM SmtpDLL.dll - 11/30/2005 3:14PM SMTPProtocol.dll - 11/30/2005 3:15PM Imail Administrator reports Version 8.22 - 2005.10.19.3 Chris McFarling To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
The patch is here: http://support.ipswitch.com/kb/IM-20061026-JH01.htm You need to download the updated smtpprotocol file and follow the instructions to replace it. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cert Sent: Friday, October 27, 2006 1:07 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 Hello! I am no email expert, and I didn't feel comfortable setting up a full blown gateway (ASSP, IMGATE, etc...) while waiting for the 8.22 patch, so my kludge was to just block all external access to my iMail server except from my backup MXs. I setup an ETRN dequeue to run every so often and despool mail from the backups. This worked for me because my backup MXs are external and are not running iMail. I suppose you could also make it work even if you backups are internal as long as they aren't running iMail. As far as I know, no one lost any email, although it may have been delayed a little bit. But hey, better late than never... Also, this is probably not a very neighborly thing to do for an extended period of time, but it could be a quick way to buy some short term protection until a patch/upgrade decision can be made and implemented. John At 11:31 AM 10/27/2006, you wrote: ASSP, IMGATE, , Barracuda and Alligate all sit in front of the mail server and act as a gateway. If you keep your mail server otherwise firewalled and have one of these products out in front then the vulnerability is mitigated (from external sources). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Friday, October 27, 2006 12:28 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 So am I to understand that ASSP somehow prevents the vulnerabtility from being a problem? Mike N FXOL To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
So, Who's using Smartermail? What are your thoughts on it? Any gotchas going fromImail to Smartermail? Thanks Dave --- |Beach Computers| |Affordable Hosting Solutions | |http://www.beachcomp.com | === |Cheap Domain Warehouse | |Get Your Own Dot! | |http://www.cheapdomainwarehouse.com| -- Disclaimer and confidentiality note: The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address records can be corrected. Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies. Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tripp Allen Sent: Friday, October 27, 2006 1:17 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 The patch is here: http://support.ipswitch.com/kb/IM-20061026-JH01.htm You need to download the updated smtpprotocol file and follow the instructions to replace it. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cert Sent: Friday, October 27, 2006 1:07 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 Hello! I am no email expert, and I didn't feel comfortable setting up a full blown gateway (ASSP, IMGATE, etc...) while waiting for the 8.22 patch, so my kludge was to just block all external access to my iMail server except from my backup MXs. I setup an ETRN dequeue to run every so often and despool mail from the backups. This worked for me because my backup MXs are external and are not running iMail. I suppose you could also make it work even if you backups are internal as long as they aren't running iMail. As far as I know, no one lost any email, although it may have been delayed a little bit. But hey, better late than never... Also, this is probably not a very neighborly thing to do for an extended period of time, but it could be a quick way to buy some short term protection until a patch/upgrade decision can be made and implemented. John At 11:31 AM 10/27/2006, you wrote: ASSP, IMGATE, , Barracuda and Alligate all sit in front of the mail server and act as a gateway. If you keep your mail server otherwise firewalled and have one of these products out in front then the vulnerability is mitigated (from external sources). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Friday, October 27, 2006 12:28 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 So am I to understand that ASSP somehow prevents the vulnerabtility from being a problem? Mike N FXOL To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
This is not true! We have an IMGate solution and were hit this morning by it. The had a valid email address in the to field for the email address and the name associated to it had the code and we were hit with 15,000 emails in a matter of a little while. Len just put a header filter in place on the IMGate to try to stop it. Note: we patched this morning after realizing we were hit, therefore are OK now. Thanks, Grant Griffith Web Application Developer Enhanced Telecommunications http://www.etczone.com 812-932-1000 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Moody Sent: Friday, October 27, 2006 12:31 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 ASSP, IMGATE, , Barracuda and Alligate all sit in front of the mail server and act as a gateway. If you keep your mail server otherwise firewalled and have one of these products out in front then the vulnerability is mitigated (from external sources). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Friday, October 27, 2006 12:28 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 So am I to understand that ASSP somehow prevents the vulnerabtility from being a problem? Mike N FXOL To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
We tested it and found it wanting. It, in our opinion, is not suitable as a replacement. Beach Computers wrote: So, Who's using Smartermail? What are your thoughts on it? Any gotchas going fromImail to Smartermail? Thanks Dave --- |Beach Computers| |Affordable Hosting Solutions | |http://www.beachcomp.com | === |Cheap Domain Warehouse | |Get Your Own Dot! | |http://www.cheapdomainwarehouse.com| -- Disclaimer and confidentiality note: The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address records can be corrected. Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies. Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tripp Allen Sent: Friday, October 27, 2006 1:17 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 The patch is here: http://support.ipswitch.com/kb/IM-20061026-JH01.htm You need to download the updated smtpprotocol file and follow the instructions to replace it. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cert Sent: Friday, October 27, 2006 1:07 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 Hello! I am no email expert, and I didn't feel comfortable setting up a full blown gateway (ASSP, IMGATE, etc...) while waiting for the 8.22 patch, so my kludge was to just block all external access to my iMail server except from my backup MXs. I setup an ETRN dequeue to run every so often and despool mail from the backups. This worked for me because my backup MXs are external and are not running iMail. I suppose you could also make it work even if you backups are internal as long as they aren't running iMail. As far as I know, no one lost any email, although it may have been delayed a little bit. But hey, better late than never... Also, this is probably not a very neighborly thing to do for an extended period of time, but it could be a quick way to buy some short term protection until a patch/upgrade decision can be made and implemented. John At 11:31 AM 10/27/2006, you wrote: ASSP, IMGATE, , Barracuda and Alligate all sit in front of the mail server and act as a gateway. If you keep your mail server otherwise firewalled and have one of these products out in front then the vulnerability is mitigated (from external sources). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Friday, October 27, 2006 12:28 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 So am I to understand that ASSP somehow prevents the vulnerabtility from being a problem? Mike N FXOL To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses courtesy of
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
Thank you Tripp. This response is a good one and it is greatly appreciated. Mark Tripp Allen wrote: The patch is here: http://support.ipswitch.com/kb/IM-20061026-JH01.htm You need to download the updated smtpprotocol file and follow the instructions to replace it. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cert Sent: Friday, October 27, 2006 1:07 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 Hello! I am no email expert, and I didn't feel comfortable setting up a full blown gateway (ASSP, IMGATE, etc...) while waiting for the 8.22 patch, so my kludge was to just block all external access to my iMail server except from my backup MXs. I setup an ETRN dequeue to run every so often and despool mail from the backups. This worked for me because my backup MXs are external and are not running iMail. I suppose you could also make it work even if you backups are internal as long as they aren't running iMail. As far as I know, no one lost any email, although it may have been delayed a little bit. But hey, better late than never... Also, this is probably not a very neighborly thing to do for an extended period of time, but it could be a quick way to buy some short term protection until a patch/upgrade decision can be made and implemented. John At 11:31 AM 10/27/2006, you wrote: ASSP, IMGATE, , Barracuda and Alligate all sit in front of the mail server and act as a gateway. If you keep your mail server otherwise firewalled and have one of these products out in front then the vulnerability is mitigated (from external sources). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Friday, October 27, 2006 12:28 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 So am I to understand that ASSP somehow prevents the vulnerabtility from being a problem? Mike N FXOL To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ --- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] --- [This E-mail scanned for viruses courtesy of Netslyder, Inc.(http://www.netslyder.net)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
FWIW I have been shocked NOT to have seen any evidence described of scanning for this vulnerablity here, and I wonder if it's because we changed our default Hello Message in advanced SMTP configuration such that it no longer mention imail. The default Imail response to the initial hello message seems to be along the lines of 220 domain.com (IMail 8.22 -x) NT-ESMTP Server X1 And I wonder whether the scans are looking forthat "Imail" response before continuing their nefarious tasks. Not that this is a solution, but might help out those of you who don't want to apply the 8.22 hotfix right away.
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
Anyone know of a possible way to close this off in visnetic by a filter? Dave --- |Beach Computers| |Affordable Hosting Solutions | |http://www.beachcomp.com | === |Cheap Domain Warehouse | |Get Your Own Dot! | |http://www.cheapdomainwarehouse.com| -- Disclaimer and confidentiality note: The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address records can be corrected. Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies. Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant Griffith Sent: Friday, October 27, 2006 1:42 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 This is not true! We have an IMGate solution and were hit this morning by it. The had a valid email address in the to field for the email address and the name associated to it had the code and we were hit with 15,000 emails in a matter of a little while. Len just put a header filter in place on the IMGate to try to stop it. Note: we patched this morning after realizing we were hit, therefore are OK now. Thanks, Grant Griffith Web Application Developer Enhanced Telecommunications http://www.etczone.com 812-932-1000 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Moody Sent: Friday, October 27, 2006 12:31 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 ASSP, IMGATE, , Barracuda and Alligate all sit in front of the mail server and act as a gateway. If you keep your mail server otherwise firewalled and have one of these products out in front then the vulnerability is mitigated (from external sources). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Friday, October 27, 2006 12:28 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 So am I to understand that ASSP somehow prevents the vulnerabtility from being a problem? Mike N FXOL To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
Anyone know of a possible way to close this off in visnetic by a filter? I think Greg Linares [EMAIL PROTECTED] discovered/wrote the exploit, on or about the 19th, so you might check with him. ~Rick _ Virus Scanned and Filtered by - http://www.FamHost.com E-Mail System. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
Does IPSwitch have stated life-of-product somewhere? I ask because Imail 8.2 came out in April 28 of 2005 and was the first to require "Activation" (?) Was the condition of this activation an active support contract at the time? And if so is one ordinarily included with the software at time of purchase? If, for example, one would ordinarily get a 1-year contract with purchase, then that would mean that someone purchasing imail before April 28 of 2004 would be excluded from this upgrade without purchasing a support contract. That makes the life-of-product for an IPSwitch purchase only 2.5 years. I understand that "you don't pay for a support contract, you don't get to call when it breaks" is a reasonable standard. And I understand that "you don't get a support contract you don't get new features" is another okay standard. But this is not a feature or a user problem, this is a security vulnerability. By refusing to release a patch for the basic functionality of Imail 8.15, Ipswitch is going from flag-ship software to abandonware in 2.5 years...which seems a little rough. I understand that IPSwitch makes these products in order to make money and that a small-office admin with a system that is good enough for her needs, that her users know and like, and that doesn't change enough for her to need spendy service-contracts stops making money for IPswitch if she cannot be compelled to upgrade for by a marketing blitz, but Imail 8.15 itself was only released in February of 2005...that's 18 months ago. 18 months from THE-version to no-more-patches seems excessive. How about a patch for 8.15 and a time-of-life mailling. "We will no longer be supporting Imail 8.15 after January 31st, here are your options"...instead of "Nah, we've just decided arbitrarily that it's too much trouble". No warning, no nothing. Monday there's an exploit, Friday it's expired, that's just the way it is. ...I talked to techsupport this morning and was told personally that nearly all of the cases of exploitation that they have seen have been of version 8.15. If SMTP was really so totally different between 8.15 and 8.22 then how can it have the exact same vulnerability? but still be too different to fix? If most of the people experiencing trouble are using 8.15 then how can it not be worth it to release a patch for them? Even for basic Internet Netiquette and reputation of the software this is not right. All apologies if I missed the "8.15 will expire on" in my monthly spamming and/or if this was in the fine-print when I clicked "Agree" (I guess).- Original Message From: Tripp Allen [EMAIL PROTECTED]To: Imail_Forum@list.ipswitch.comSent: Friday, October 27, 2006 10:15:19 AMSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOWWe are not currently planning a patch for 8.1X so you will need to upgrade.Tripp-Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] On Behalf Of Beach ComputersSent: Friday, October 27, 2006 12:25 PMTo: Imail_Forum@list.ipswitch.comSubject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOWTripp,Is there anyone in Ipswitch that can CONFIRM this:If any of your customers are running 8.15 they have 2 options.PAY and upgrade.Stay vulnerable if not running any gateways.Your input is appreciated.Dave ---|Beach Computers||Affordable Hosting Solutions ||http://www.beachcomp.com | ===|Cheap Domain Warehouse ||Get Your Own Dot!||http://www.cheapdomainwarehouse.com| --Disclaimer and confidentiality note:The contents of this communication are intended/meant only for addressee(s)and may contain information that is privileged or otherwise confidential.If you are not the intended recipient you are hereby notified that anydisclosure, copying, distribution or taking any action in reliance on thecontents of this information is strictly prohibited and may be unlawful.The contents of this e-mail shall not be forwarded to any third party. Ifyou have received this electronic mail transmission in error, please deleteit from your system without copying or forwarding it, and notify the senderof the error by reply email, so that the sender's address records can becorrected.Views and opinions are solely those of the sender unless clearly indicatedas being that of Beach Computers or any of it's affiliated companies.Beach Computers cannot assure that the integrity of this communication hasbeen maintained or that it is free of errors, virus, interception orinterference.To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
On 27 Oct 2006 at 13:53, Robbie Pardue wrote: I agree completely Robbie! Good post! Mike N FXOL To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
OK, I bit the bullet and did the upgrade in the middle of the day. All seens well. Even my IMail Client still works. I had thought it wasn't supposed to work with 8.2x. Thanks for your help, and encouragement. Bill Green dfn Systems - Original Message - From: Robbie Pardue To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 11:14 AM Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 Yes, confirmed. Stop your services, run the imail8.22, launch the "smiley man", activate or trial, stop the smtp, replace the smtpprotocol.dll for the patch and start the smtp. Did it on two machines this morning...in the same nervous condition. - Original Message From: Bill Green dfn Systems [EMAIL PROTECTED]To: Imail_Forum@list.ipswitch.comSent: Friday, October 27, 2006 10:05:20 AMSubject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 Thank you, Robbie, and Michael. That's what was making me uneasy. I had a vague memory of some concerns over activation when 8.2 was new. I've downloaded 8.22 from the link in the KB article Tripp posted. It is named imail8.22.exe and is 23,639KB. The KB labels it an update, but I believe by the size it is a full install. Can anyone confrm this for a nervous (paranoid) IMail admin? Bill Green dfn Systems You can install 8.22 (and patch it) and select "Activate Later" when you launch "the smiley man". Nothing (according to techsupport) is restricted...except that you have to have activated it within 30 days or it will shut down.
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
Does the current 8.22download include the December 2005 patch?
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
Maybe I just answered my own question. The December 2005 "patch" is 23MB, so that's probably the version upgrade from 8.2, right? - Original Message - From: Dave Doherty To: Imail_Forum@list.ipswitch.com Cc: [EMAIL PROTECTED] Sent: Friday, October 27, 2006 4:52 PM Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 Does the current 8.22download include the December 2005 patch?
Re: [IMail Forum] SMTP Exploit Scanning Going on NOW
same here, hope Kevin Gillis will answer this questions otherwise it seems to answer my question about the manner to force an upgrade. marc At 20:53 27.10.2006, you wrote: Does IPSwitch have stated life-of-product somewhere? I ask because Imail 8.2 came out in April 28 of 2005 and was the first to require Activation (?) Was the condition of this activation an active support contract at the time? And if so is one ordinarily included with the software at time of purchase? If, for example, one would ordinarily get a 1-year contract with purchase, then that would mean that someone purchasing imail before April 28 of 2004 would be excluded from this upgrade without purchasing a support contract. That makes the life-of-product for an IPSwitch purchase only 2.5 years. I understand that you don't pay for a support contract, you don't get to call when it breaks is a reasonable standard. And I understand that you don't get a support contract you don't get new features is another okay standard. But this is not a feature or a user problem, this is a security vulnerability. By refusing to release a patch for the basic functionality of Imail 8.15, Ipswitch is going from flag-ship software to abandonware in 2.5 years...which seems a little rough. I understand that IPSwitch makes these products in order to make money and that a small-office admin with a system that is good enough for her needs, that her users know and like, and that doesn't change enough for her to need spendy service-contracts stops making money for IPswitch if she cannot be compelled to upgrade for by a marketing blitz, but Imail 8.15 itself was only released in February of 2005...that's 18 months ago. 18 months from THE-version to no-more-patches seems excessive. How about a patch for 8.15 and a time-of-life mailling. We will no longer be supporting Imail 8.15 after January 31st, here are your options...instead of Nah, we've just decided arbitrarily that it's too much trouble. No warning, no nothing. Monday there's an exploit, Friday it's expired, that's just the way it is. ...I talked to techsupport this morning and was told personally that nearly all of the cases of exploitation that they have seen have been of version 8.15. If SMTP was really so totally different between 8.15 and 8.22 then how can it have the exact same vulnerability? but still be too different to fix? If most of the people experiencing trouble are using 8.15 then how can it not be worth it to release a patch for them? Even for basic Internet Netiquette and reputation of the software this is not right. All apologies if I missed the 8.15 will expire on in my monthly spamming and/or if this was in the fine-print when I clicked Agree (I guess). - Original Message From: Tripp Allen [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 10:15:19 AM Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW We are not currently planning a patch for 8.1X so you will need to upgrade. Tripp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Beach Computers Sent: Friday, October 27, 2006 12:25 PM To: Imail_Forum@list.ipswitch.com Subject: RE: [IMail Forum] SMTP Exploit Scanning Going on NOW Tripp, Is there anyone in Ipswitch that can CONFIRM this: If any of your customers are running 8.15 they have 2 options. PAY and upgrade. Stay vulnerable if not running any gateways. Your input is appreciated. Dave --- |Beach Computers| |Affordable Hosting Solutions | |http://www.beachcomp.comhttp://www.beachcomp.com | === |Cheap Domain Warehouse | |Get Your Own Dot! | |http://www.cheapdomainwarehouse.comhttp://www.cheapdomainwarehouse.com| -- Disclaimer and confidentiality note: The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address records can be corrected. Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies. Beach Computers cannot assure that the integrity of this communication has been
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
Guys, here's my solution to staying off of 2006 until your comfortable while still make your users happy: http://www.webmailasp.net/buy their webmail solution which is pretty nice and a whopping $100 http://www.serverobjects.com/products.htmyou'll need their aspmail and asppop3 software $200 install that and you're good to go with a much nicer interface and you can turn off web messaging. Kevin, since I'm once again stuck between a rock and a hard place I would appreciate your refunding this expense to me. I can't wait on your guys to fix the slow login problem by waiting for 2006.2! Thanks for calling me. I shouldn't have to track down other imail users with the same problem as me, again. You should have fixed this problem in 2006.0x instead of forcing people to jump to 2006.1. Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave DohertySent: Friday, October 27, 2006 5:05 PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 Maybe I just answered my own question. The December 2005 "patch" is 23MB, so that's probably the version upgrade from 8.2, right? - Original Message - From: Dave Doherty To: Imail_Forum@list.ipswitch.com Cc: [EMAIL PROTECTED] Sent: Friday, October 27, 2006 4:52 PM Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 Does the current 8.22download include the December 2005 patch?
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
Thx for this update, and wow, how a software can be useless after only 1,5 years!? This negligently attitude is not more acceptable. I will not pay 1000 USD and have next year after SA expired again a security problem. Is this a new manner to force to upgrade? I believe Imail 8.15 is over 2 years old and since then there have been 3 major releases. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Program Alias to control delivery of messages
I'm trying to figure out the program alias. We have a server (non Imail) that delivers email to parents. The emails all come from the same address and pass through Imail. There are some emails that we do not want to deliver so I'm thinking I can setup a program alias that all mail from this account will be processed by the alias. Here's the question: Has anyone setup a program alias that will delete the mail if a string is found in the message but deliver it if it's not found? Why use a program alias? Why not use Imail rules? John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
My copy was compiled in Feb 05, so one year and eight months. - Original Message - From: John T (Lists) [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 5:30 PM Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 Thx for this update, and wow, how a software can be useless after only 1,5 years!? This negligently attitude is not more acceptable. I will not pay 1000 USD and have next year after SA expired again a security problem. Is this a new manner to force to upgrade? I believe Imail 8.15 is over 2 years old and since then there have been 3 major releases. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
Right, but also partially responsible by Ipswitch. Its the first time in 10 years that a software seems to be useless after 3 years only, when IMail 8.x was coming out... again, this not acceptable. QuickBooks 2003 is no longer usable if you want to do a common list of things. QuickBooks prior to 2007 will not be usable on Windows Vista. Your AV software is useless the day after the definition subscription expires. I am sure others can come with lots of examples. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Program Alias to control delivery of messages
yep, you're right John. got to thinking about it and that's the answer. got it going, thanks for the reply, bob On Friday, October 27, 2006 3:34 PM, John T \(Lists\) [EMAIL PROTECTED] wrote: I'm trying to figure out the program alias. We have a server (non Imail) that delivers email to parents. The emails all come from the same address and pass through Imail. There are some emails that we do not want to deliver so I'm thinking I can setup a program alias that all mail from this account will be processed by the alias. Here's the question: Has anyone setup a program alias that will delete the mail if a string is found in the message but deliver it if it's not found? Why use a program alias? Why not use Imail rules? John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
So am I to understand that ASSP somehow prevents the vulnerabtility from being a problem? With the recent report of the exploit getting through IMGate, this is still a good question. Is there anybody using ASSP directly in front of IMail, that has suffered from this exploit? Will the delaying option in ASSP be a sufficient deterrent? Assuming the exploit uses a valid recipient and passes all ASSP connection tests, will the malicious rcpt command be passed unmolested from ASSP to Imail? Does anyone have a record of a successful exploit or exploit attempt that we could use to generate a blocking filter? Thanks, Doug Traylor MIS Department Harbison-Fischer Mfg. Co. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
[IMail Forum] 8.22 tarpitting feature
Now that I have 8.22, I thought I'd use the tarpitting feature, but now I can't find any documentation on it. I've found mention of it in the archives, but not how to enable it. Anyone still have a link? Bill Green dfn Systems --- [This E-mail scanned for viruses by Declude EVA] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
Anybody willing to give any input as to what to look for? Brian - Original Message - From: Brian T. To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 11:23 AM Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 How can you tell? Brian T. - Original Message - From: Servei Tecnic [ MICROTECH ] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 11:01 AM Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 just get hacked... -Mensaje original-De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]En nombre de Beach ComputersEnviado el: viernes, 27 de octubre de 2006 16:45Para: Imail_Forum@list.ipswitch.comAsunto: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 So, if you have no SA and are on 8.15, you either pay, or get hacked? Dave===Beach ComputersAffordable Hosting Solutionshttp://www.beachcomp.com===Cheap Domain WarehouseGet Your Own Dot!http://www.cheapdomainwarehouse.comDisclaimer and confidentiality note:The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential.If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on thecontents of this information is strictly prohibited and may be unlawful.The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please deleteit from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address recordscan be corrected.Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies.Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie PardueSent: Friday, October 27, 2006 9:24 AMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 I talked to Kevin Gillis. The short answer is no patch for anything older than 8.22. - Original Message From: marc [EMAIL PROTECTED]To: Imail_Forum@list.ipswitch.comSent: Friday, October 27, 2006 4:51:00 AMSubject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 any news about "planning to check/fix prior 8.22 versions"?will Kevin Gillis answer this (and here)?marcAt 09:36 27.10.2006, you wrote:Is Ipswitch planning to check/fix prior 8.22 versions?Any SMTP update for 8.15 will work in 8.05??If i understand correctly, SMTP was fully rewrited in 8.22, so is same in8.05 and 8.15Thxs,Pere Ginabreda-Mensaje original-De: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] nombre de Tripp AllenEnviado el: viernes, 27 de octubre de 2006 3:57Para: Imail_Forum@list.ipswitch.comAsunto: [IMail Forum] Update for SMTP vulnerability in 8.22The steps and files to update 8.22 are located here:http://support.ipswitch.com/kb/IM-20061026-JH01.htmNote this will ONLYwork for 8.22.Thanks,Tripp AllenSoftware Development Manager, MessagingIpswitch, Inc.To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/[Scanned for viruses by Declude][Scanned for viruses by Declude]To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.htmlList Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
does your desktop software examples have any security holes to compromise a server shared with hundreds of customers? make a serious comparison to convince me, that this is common. we are talking about business server software not for 100 bugs. marc QuickBooks 2003 is no longer usable if you want to do a common list of things. QuickBooks prior to 2007 will not be usable on Windows Vista. Your AV software is useless the day after the definition subscription expires. I am sure others can come with lots of examples. John T eServices For You [Scanned for viruses by Declude] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
Look at your smtp logs for "send error 10038". That will be preceded by something likedate time SMTPD(your-message-number) [the imail IP] connectthe-offending-server-ip port 3442date time SMTPD(your-message-number) [the-offending-server-up] EHLOdate time SMTPD(your-message-number) [the-offending-server-up] MAIL FROM [EMAIL PROTECTED]date time SMTPD(your-message-number) [the-offending-server-up] RCPT TO:@qo#9829;#9658;:ÉÉdate time SMTPD() send error 10038 and followed by a SMTP server refusing connections (though the service says "Running") (and only that if you are lucky...the overflow warning indicates that they can run anything they want in that). (That string can be any number of continuous crazy characters, seems to vary from hacker to hacker / log server to log server.)- Original Message From: Brian T. [EMAIL PROTECTED]To: Imail_Forum@list.ipswitch.comSent: Friday, October 27, 2006 4:18:27 PMSubject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 Anybody willing to give any input as to what to look for? Brian - Original Message - From: Brian T. To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 11:23 AM Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 How can you tell? Brian T. - Original Message - From: Servei Tecnic [ MICROTECH ] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 11:01 AM Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 just get hacked... -Mensaje original-De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]En nombre de Beach ComputersEnviado el: viernes, 27 de octubre de 2006 16:45Para: Imail_Forum@list.ipswitch.comAsunto: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 So, if you have no SA and are on 8.15, you either pay, or get hacked? Dave===Beach ComputersAffordable Hosting Solutionshttp://www.beachcomp.com===Cheap Domain WarehouseGet Your Own Dot!http://www.cheapdomainwarehouse.comDisclaimer and confidentiality note:The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential.If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on thecontents of this information is strictly prohibited and may be unlawful.The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please deleteit from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address recordscan be corrected.Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies.Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie PardueSent: Friday, October 27, 2006 9:24 AMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 I talked to Kevin Gillis. The short answer is no patch for anything older than 8.22. - Original Message From: marc [EMAIL PROTECTED]To: Imail_Forum@list.ipswitch.comSent: Friday, October 27, 2006 4:51:00 AMSubject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 any news about "planning to check/fix prior 8.22 versions"?will Kevin Gillis answer this (and here)?marcAt 09:36 27.10.2006, you wrote:Is Ipswitch planning to check/fix prior 8.22 versions?Any SMTP update for 8.15 will work in 8.05??If i understand correctly, SMTP was fully rewrited in 8.22, so is same in8.05 and 8.15Thxs,Pere Ginabreda-Mensaje original-De: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] nombre de Tripp AllenEnviado el: viernes, 27 de octubre de 2006 3:57Para: Imail_Forum@list.ipswitch.comAsunto: [IMail Forum] Update for SMTP vulnerability in 8.22The steps and files to update 8.22 are located here:http://support.ipswitch.com/kb/IM-20061026-JH01.htmNote this will ONLYwork for 8.22.Thanks,Tripp AllenSoftware Development Manager, MessagingIpswitch, Inc.To Unsubscribe:
AW: [IMail Forum] 8.22 tarpitting feature
Hi, Search for dictionary attack in the KB -- Mit freundlichen Grüssen Merlin Consulting Martin Schaible Bahnhofstrasse 27 CH-8702 Zollikon Phone: +41 44 391 30 00 Fax: +41 44 391 32 49 Mail:mailto:[EMAIL PROTECTED] URL: http://www.merlinconsulting.ch Support: http://support.merlinconsulting.ch GPS: N47 20.235 E8 34.226 News - Neue Produkte: .:. mxGuard - InvURIBL - MessageSniffer .:. NOD32 Antivirus System .:. BlueDragon .:. Kiwi Syslog Monitor .:. Paessler GmbH .:. SmarterTools -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Bill Green dfn Systems Gesendet: Samstag, 28. Oktober 2006 01:17 An: IMail_Forum@list.ipswitch.com Betreff: [IMail Forum] 8.22 tarpitting feature Now that I have 8.22, I thought I'd use the tarpitting feature, but now I can't find any documentation on it. I've found mention of it in the archives, but not how to enable it. Anyone still have a link? Bill Green dfn Systems --- [This E-mail scanned for viruses by Declude EVA] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] 8.22 tarpitting feature
It is not a true tarpitting but rather a temp auto black list that if an IP tries X number of invalid recipients the IP is blocked from connecting for Y amount of minutes. It is set in the registry. http://support.ipswitch.com/kb/IM-20050831-DM01.htm John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Update for SMTP vulnerability in 8.22
Doug, The only way to get complete protection from the exploit it to make sure that IMail doesn't answer the Internet with SMTP. If you have IMail 8.x or earlier, and you have customers connecting to IMail for SMTP, you cannot sufficiently lock it down unless your firewall has some form of IDS that detects this exploit. Most exploits like this are run by 'script kiddies' doing a scan of IP ranges. Even if you have your MX records pointed at a seperate gateway, your IMail SMTP server will still be fully exposed. It is unlikely that having such a gateway would provide any extra protection from this exploit. This is the same as other past exploits of IMail. They don't spread by E-mail, they spread by scripting. Everyone that runs any mail server, regardless of brand, must absolutely expect to have to patch their software for the latest exploits. Once you no longer have a path to get a patch, you are in a lot of danger. Ipswitch seemingly recognized in this case that the issues with 2006 cause a situation where there is not a suitable upgrade path for a large number of users. I still don't believe that this has been fully handled appropriately as the patch is not listed on their Downloads page, and no mailings have been sent out to those under a current service agreement. Regarding previous versions, there were other exploits for versions prior to 8.15 HF2, so running something earlier is not wise regardless of this particular issue. 8.15 HF2 has a killer message vulnerability that causes Queue Manager to crash and has been triggered by some messages in the wild. I wouldn't think that being on 8.15 HF2 would be wise, though not for simply the reason that Ipswitch is not committed to a patch. I think that it would be wise for Ipswitch to reevaluate their approach to vulnerability patches. It is unreasonable to think that customers can keep up with dot-releases because functionality does change with these and a mail server is a critical tool for many organizations. These dot-releases tend to come out about three times a year, and that just doesn't work for everyone. I believe that they should seek to provide patches for vulnerabilities for all dot-releases going back for 1 to 2 years. The two year number is appropriate because of the issues with upgrading, and they aren't isolated to just the recent circumstances. I don't think that it would be fully unreasonable to not provide patches to older versions without a service agreement, but for reasons that I previously stated, it would be a net positive for them to do so. They certainly would have avoided this situation. I spoke up about this on 9/12 when the vulnerability first came up, but they waited until it was spreading in the wild and the message list lit up before responding to the issue. As a result, Ipswitch has lost goodwill, whereas if they had provided the patch back then, they would have gained goodwill. Matt Doug Traylor wrote: So am I to understand that ASSP somehow prevents the vulnerabtility from being a problem? With the recent report of the exploit getting through IMGate, this is still a good question. Is there anybody using ASSP directly in front of IMail, that has suffered from this exploit? Will the delaying option in ASSP be a sufficient deterrent? Assuming the exploit uses a valid recipient and passes all ASSP connection tests, will the malicious rcpt command be passed unmolested from ASSP to Imail? Does anyone have a record of a successful exploit or exploit attempt that we could use to generate a blocking filter? Thanks, Doug Traylor MIS Department Harbison-Fischer Mfg. Co. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
AW: [IMail Forum] Update for SMTP vulnerability in 8.22
Hi, Bill, i do not agree with your latest statement. As everybody knows, Ipswitch spent a lot of time to get IMail 2006 running. It's also true, that a brand new software, a release1.0, can cause problems. That's for sure a reason, why Ipswitch released several versions of IMail 2006 this year. It's up to you to decide to jump on the train or not. We waited for the 2006.1 release, which is actually the best version and we used older versions only for internal testing and to get an impression of the product. In my opinion, it's a natural thing to upgradefrom version 2006.04 to 2006.1. And if 2006.1x is available, we have to upgradetoo like we have to upgrade other software. The only wish i have: The next version of IMailshould be available asa full product fora new installation and a patch version which only includes the changed files. btw: we couldn't reproduce the slow login on our system. It takes a bit longer than the old webmail, but it's ok. Maybe you have to upgrade to version 2006.1 ;-) --Mit freundlichen GrüssenMerlin ConsultingMartin SchaibleBahnhofstrasse 27CH-8702 ZollikonPhone: +41 44 391 30 00Fax: +41 44 391 32 49Mail: mailto:[EMAIL PROTECTED]URL: http://www.merlinconsulting.chSupport: http://support.merlinconsulting.chGPS: N47 20.235 E8 34.226News - Neue Produkte:.:. mxGuard - InvURIBL - MessageSniffer.:. NOD32 Antivirus System.:. BlueDragon.:. Kiwi Syslog Monitor.:. Paessler GmbH.:. SmarterTools Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Matrosity HostingGesendet: Freitag, 27. Oktober 2006 23:19An: Imail_Forum@list.ipswitch.comBetreff: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 Guys, here's my solution to staying off of 2006 until your comfortable while still make your users happy: http://www.webmailasp.net/buy their webmail solution which is pretty nice and a whopping $100 http://www.serverobjects.com/products.htmyou'll need their aspmail and asppop3 software $200 install that and you're good to go with a much nicer interface and you can turn off web messaging. Kevin, since I'm once again stuck between a rock and a hard place I would appreciate your refunding this expense to me. I can't wait on your guys to fix the slow login problem by waiting for 2006.2! Thanks for calling me. I shouldn't have to track down other imail users with the same problem as me, again. You should have fixed this problem in 2006.0x instead of forcing people to jump to 2006.1. Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave DohertySent: Friday, October 27, 2006 5:05 PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 Maybe I just answered my own question. The December 2005 "patch" is 23MB, so that's probably the version upgrade from 8.2, right? - Original Message - From: Dave Doherty To: Imail_Forum@list.ipswitch.com Cc: [EMAIL PROTECTED] Sent: Friday, October 27, 2006 4:52 PM Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 Does the current 8.22download include the December 2005 patch?
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
does your desktop software examples have any security holes to compromise a server shared with hundreds of customers? make a serious comparison to convince me, that this is common. we are talking about business server software not for 100 bugs. marc Neither I nor any one else would consider QuickBooks Professional or Enterprise mere desktop software which does not have major ripple affect through a company if something goes wrong, sir! Are you now attempting to change the meaning of your post I was responding to in which you stated that this is the first time in 10 years you have heard of software that was useless after 3 years? You opened your mouth and made a broad general matter-of-fact statement. I proved it wrong. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
I did upgrade to 2006.1 which is why I'm hosed now. 2006.04a ran great! It wasn't until I installed .01 that things got f'd up. Since I can't go back I have to go forward. Once again, Ipswitch claims I'm the only one that has this problem even though it's mentioned in the forums. They can reproduce the problem and tell me that I'll have to wait for 2006.2 before it will be fixed. Again, I can't go back and I can't go forward for a month so I'm supposed to be satisfied with that as a solution? Hell no. Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin SchaibleSent: Friday, October 27, 2006 8:43 PMTo: Imail_Forum@list.ipswitch.comSubject: AW: [IMail Forum] Update for SMTP vulnerability in 8.22 Hi, Bill, i do not agree with your latest statement. As everybody knows, Ipswitch spent a lot of time to get IMail 2006 running. It's also true, that a brand new software, a release1.0, can cause problems. That's for sure a reason, why Ipswitch released several versions of IMail 2006 this year. It's up to you to decide to jump on the train or not. We waited for the 2006.1 release, which is actually the best version and we used older versions only for internal testing and to get an impression of the product. In my opinion, it's a natural thing to upgradefrom version 2006.04 to 2006.1. And if 2006.1x is available, we have to upgradetoo like we have to upgrade other software. The only wish i have: The next version of IMailshould be available asa full product fora new installation and a patch version which only includes the changed files. btw: we couldn't reproduce the slow login on our system. It takes a bit longer than the old webmail, but it's ok. Maybe you have to upgrade to version 2006.1 ;-) --Mit freundlichen GrüssenMerlin ConsultingMartin SchaibleBahnhofstrasse 27CH-8702 ZollikonPhone: +41 44 391 30 00Fax: +41 44 391 32 49Mail: mailto:[EMAIL PROTECTED]URL: http://www.merlinconsulting.chSupport: http://support.merlinconsulting.chGPS: N47 20.235 E8 34.226News - Neue Produkte:.:. mxGuard - InvURIBL - MessageSniffer.:. NOD32 Antivirus System.:. BlueDragon.:. Kiwi Syslog Monitor.:. Paessler GmbH.:. SmarterTools Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Matrosity HostingGesendet: Freitag, 27. Oktober 2006 23:19An: Imail_Forum@list.ipswitch.comBetreff: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 Guys, here's my solution to staying off of 2006 until your comfortable while still make your users happy: http://www.webmailasp.net/buy their webmail solution which is pretty nice and a whopping $100 http://www.serverobjects.com/products.htmyou'll need their aspmail and asppop3 software $200 install that and you're good to go with a much nicer interface and you can turn off web messaging. Kevin, since I'm once again stuck between a rock and a hard place I would appreciate your refunding this expense to me. I can't wait on your guys to fix the slow login problem by waiting for 2006.2! Thanks for calling me. I shouldn't have to track down other imail users with the same problem as me, again. You should have fixed this problem in 2006.0x instead of forcing people to jump to 2006.1. Bill Foresman Matrosity Hosting www.matrosity.com 850.656.2644 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave DohertySent: Friday, October 27, 2006 5:05 PMTo: Imail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 Maybe I just answered my own question. The December 2005 "patch" is 23MB, so that's probably the version upgrade from 8.2, right? - Original Message - From: Dave Doherty To: Imail_Forum@list.ipswitch.com Cc: [EMAIL PROTECTED] Sent: Friday, October 27, 2006 4:52 PM Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 Does the current 8.22download include the December 2005 patch?
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
Thousands of emails in your queue and subjects and tos containing the ?-windows= or something similar. We had one account hit and it appears they got their password as later in the day they sent out using their email address and authenticated using their password. We changed the password and it stopped so far, but I am guessing they might of got other accounts too. Have 5000+ users to ask to change their passwords to be safe. Thanks, Grant Griffith Web Application Developer Enhanced Telecommunications http://www.etczone.com 812-932-1000 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian T. Sent: Friday, October 27, 2006 7:18 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 Anybody willing to give any input as to what to look for? Brian - Original Message - From: Brian T. To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 11:23 AM Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 How can you tell? Brian T. - Original Message - From: Servei Tecnic [ MICROTECH ] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 11:01 AM Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 just get hacked... -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]En nombre de Beach Computers Enviado el: viernes, 27 de octubre de 2006 16:45 Para: Imail_Forum@list.ipswitch.com Asunto: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 So, if you have no SA and are on 8.15, you either pay, or get hacked? Dave === Beach Computers Affordable Hosting Solutions http://www.beachcomp.com === Cheap Domain Warehouse Get Your Own Dot! http://www.cheapdomainwarehouse.com Disclaimer and confidentiality note: The contents of this communication are intended/meant only for addressee(s) and may contain information that is privileged or otherwise confidential. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. The contents of this e-mail shall not be forwarded to any third party. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email, so that the sender's address records can be corrected. Views and opinions are solely those of the sender unless clearly indicated as being that of Beach Computers or any of it's affiliated companies. Beach Computers cannot assure that the integrity of this communication has been maintained or that it is free of errors, virus, interception or interference. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robbie Pardue Sent: Friday, October 27, 2006 9:24 AM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] Update for SMTP vulnerability in 8.22 I talked to Kevin Gillis. The short answer is no patch for anything older than 8.22. - Original Message From: marc [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 4:51:00 AM Subject: RE: [IMail Forum] Update for SMTP vulnerability in 8.22 any news about planning to check/fix prior 8.22 versions? will Kevin Gillis answer this (and here)? marc At 09:36 27.10.2006, you wrote: Is Ipswitch planning to check/fix prior 8.22 versions? Any SMTP update for 8.15 will work in 8.05?? If i understand correctly, SMTP was fully rewrited in 8.22, so is same in 8.05 and 8.15 Thxs, Pere Ginabreda -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Tripp Allen Enviado el: viernes, 27 de octubre de 2006 3:57 Para: Imail_Forum@list.ipswitch.com Asunto: [IMail Forum] Update for SMTP vulnerability in 8.22 The steps and files to update 8.22 are located here: http://support.ipswitch.com/kb/IM-20061026-JH01.htmNote this will ONLY work for 8.22. Thanks, Tripp Allen Software Development Manager, Messaging Ipswitch, Inc. To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ [Scanned for viruses by Declude] [Scanned for viruses by Declude] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Update for SMTP vulnerability in 8.22
I do not have any reason to change the meaning of my post. Just read the subject to this theard and than you will understand the meaning of useless. marc At 02:46 28.10.2006, you wrote: does your desktop software examples have any security holes to compromise a server shared with hundreds of customers? make a serious comparison to convince me, that this is common. we are talking about business server software not for 100 bugs. marc Neither I nor any one else would consider QuickBooks Professional or Enterprise mere desktop software which does not have major ripple affect through a company if something goes wrong, sir! Are you now attempting to change the meaning of your post I was responding to in which you stated that this is the first time in 10 years you have heard of software that was useless after 3 years? You opened your mouth and made a broad general matter-of-fact statement. I proved it wrong. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ [Scanned for viruses by Declude] [Scanned for viruses by Declude] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
[IMail Forum] Mail to Fax in 8.22
Hi, all- I have one user who relies heavily on the old email to fax utility that was available in earlier versions. Maybe I'm missing something obvious, but I don't see anything on this subject as it relates to 8.22 or 2006.10. Anybody know about this? -Dave Doherty Skywaves, Inc. 508-425-7176 [EMAIL PROTECTED] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Mail to Fax in 8.22
Dave, It seems to me that I had to upgrade Email-To-Fax, either 7.x to 8.0 or it was 8.15 to 8.22. As I recall, that was the only time I had to upgrade it. I am running 8.22 and I am running Email-To-FAX. Like you, I have one customer that swears that they cannot do without it. To get the upgrade, you may have to request a link from Ipswitch. But be assured, you can run Email-To-FAX on 8.22. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Mail to Fax in 8.22
Thanks Michael. There was an upgrade that I had to do when transitioning to 8.15. The version I am running returns SNDFAXUI Version 8.14-2004.11.1 as the first line of the Help | About display. Is that the version you are using with 8.22? -d - Original Message - From: Michael Thomas - Mathbox [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 10:35 PM Subject: RE: [IMail Forum] Mail to Fax in 8.22 Dave, It seems to me that I had to upgrade Email-To-Fax, either 7.x to 8.0 or it was 8.15 to 8.22. As I recall, that was the only time I had to upgrade it. I am running 8.22 and I am running Email-To-FAX. Like you, I have one customer that swears that they cannot do without it. To get the upgrade, you may have to request a link from Ipswitch. But be assured, you can run Email-To-FAX on 8.22. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Mail to Fax in 8.22
Dave, Mine reads SNDFAXUI Version 8.14-2004.11.10 The version I am running returns SNDFAXUI Version 8.14-2004.11.1 as the first line of the Help | About display. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
Re: [IMail Forum] Mail to Fax in 8.22
We have the same version. Typo on my part. Thanks! -d - Original Message - From: Michael Thomas - Mathbox [EMAIL PROTECTED] To: Imail_Forum@list.ipswitch.com Sent: Friday, October 27, 2006 10:56 PM Subject: RE: [IMail Forum] Mail to Fax in 8.22 Dave, Mine reads SNDFAXUI Version 8.14-2004.11.10 The version I am running returns SNDFAXUI Version 8.14-2004.11.1 as the first line of the Help | About display. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
[IMail Forum] Unable to log into web IClient 2006.1 after upgrade
After upgrading to 2006.1, we are unable to log into the Webmail client. Webadmin works fine.We get the message : Unable to log into the system. Reason: Failed to authorize user. All other services POP3 and SMTP, and IMAP are working fine. There are no logs in the IIS folder other than the standard access log. There is nothing in the Event logs anywhere. There is nothing in the SYSMMDD.txt file concerning webmail login. The Webmail anonymous user imail_user has access to the external database. How can get get more detailed diagnostics from the IClient application? Thanks, Mike To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/